
CWE-552 (Files or Directories Accessible to External Parties) — Vulnerability Class 198

198 vulnerabilities classified as CWE-552 (Files or Directories Accessible to External Parties). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-7389 | Unauthorized Arbitrary File Read via RMI in AdminServer Interface | OpenEdge | 6.5 | - | 2026-04-14 |
| CVE-2019-25709 | CF Image Hosting Script 1.6.5 Unauthorized Database Access | CF Image Hosting Script | 9.8 | Critical | 2026-04-12 |
| CVE-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/install folder | chamilo-lms | 9.8 | - | 2026-04-10 |
| CVE-2021-47960 | Synology SSL VPN Client security vulnerability | Synology SSL VPN Client | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35446 | LORIS has a path traversal in FilesDownloadHandler | Loris | 7.7 | High | 2026-04-08 |
| CVE-2026-34392 | LORIS has a path traversal in static router | Loris | 7.5 | High | 2026-04-08 |
| CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | org.hl7.fhir.core | 9.3 | Critical | 2026-03-31 |
| CVE-2026-4900 | code-projects Online Food Ordering System localhost.sql privilege escalation | Online Food Ordering System | 5.3 | Medium | 2026-03-26 |
| CVE-2021-4474 | Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access | RUCKUS Access Point | 4.9 | Medium | 2026-03-26 |
| CVE-2026-4760 | Potential unauthorized access to files on the Web HMI server host | Panorama Suite | 7.5 | - | 2026-03-25 |
| CVE-2026-4532 | code-projects Simple Food Ordering System Database Backup food.sql file access | Simple Food Ordering System | 5.3 | Medium | 2026-03-22 |
| CVE-2016-20025 | ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions | ZKTeco ZKAccess Professional | 8.8 | High | 2026-03-15 |
| CVE-2026-29066 | Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI | cli | 6.2 | Medium | 2026-03-12 |
| CVE-2018-25164 | EverSync 0.5 Arbitrary File Download via files Directory | EverSync | 7.5 | High | 2026-03-06 |
| CVE-2026-2331 | CVE-2026-2331 | SICK Lector85x | 9.8 | Critical | 2026-03-06 |
| CVE-2026-2330 | CVE-2026-2330 | SICK Lector85x | 9.4 | Critical | 2026-03-06 |
| CVE-2026-24732 | Improper permission checks in Extension:NSFileRepo | BlueSpice | 6.5 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2020-37082 | webERP 4.15.1 - Unauthenticated Backup File Access | webERP | 9.8 | Critical | 2026-02-03 |
| CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration | nixpkgs | 9.1 | Critical | 2026-02-02 |
| CVE-2025-12648 | WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files | WP-Members Membership Plugin | 5.3 | Medium | 2026-01-07 |
| CVE-2025-15153 | PbootCMS SQLite Database pbootcms.db file access | PbootCMS | 3.7 | Low | 2025-12-28 |
| CVE-2019-25239 | V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download | GPON/EPON OLT Platform | 7.5 | High | 2025-12-24 |
| CVE-2018-25145 | Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download | Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download | 6.5 | Medium | 2025-12-24 |
| CVE-2025-14896 | kroki security vulnerability | kroki | 7.5 | High | 2025-12-18 |
| CVE-2025-14697 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access | Sixun Shanghui Group Business Management System | 3.7 | Low | 2025-12-15 |
| CVE-2025-14442 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File | Secure Copy Content Protection and Content Locking | 5.3 | Medium | 2025-12-12 |
| CVE-2025-12747 | Tainacan <= 1.0.0 - Unauthenticated Information Exposure | Tainacan | 5.3 | Medium | 2025-11-21 |
| CVE-2025-12894 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure | Import WP – Export and Import CSV and XML files to WordPress | 5.3 | Medium | 2025-11-21 |
| CVE-2021-4463 | Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download | BEMS API | 7.5 | - | 2025-11-12 |
| CVE-2025-11959 | Improper Access Control in Premierturk's Excavation Management Information System | Excavation Management Information System | 8.1 | High | 2025-11-11 |

Vulnerabilities classified as CWE-552 (Files or Directories Accessible to External Parties) represent 198 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.